SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 23

changes.mady.by.user Barbara White

Saved on

compared with

New Version 24

changes.mady.by.user Sandy Shrum

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM30MEM50-CPP

High

Likely

Medium

P18

L1

...

Tool

Version

Checker

Description

Compass/ROSE

 

 

 

Coverity

Include Page
Coverity_V
Coverity_V

USE_AFTER_FREE

Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer

Fortify SCA

5.0

Double Free

 

Klocwork

Include Page
Klocwork_V
Klocwork_V

UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.PARAMPASS.MIGHT
UFM.PARAMPASS.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

51 D

Fully implemented

Splint

Include Page
Splint_V
Splint_V

 

 

...

VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth()

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Coding StandardMEM52-CPP. Detect and handle memory allocation errors
CERT C Secure Coding StandardMEM30-C. Do not access freed memory
MITRE CWE

CWE-415, Double Free
CWE-416, Use After Free

...

[ISO/IEC 14882-2014]3.7.4.1, "Allocation Functions"
3.7.4.2, "Deallocation Functions" 
[Seacord 2013b]Chapter 4, "Dynamic Memory Management"

...